
I have installed XAMPP on Windows 10 for the local development and don't want my XAMPP installation to be accessible from the outside. I am reading How to make xampp secure and it says that the default configuration for the XAMPP is to make it available for the immediate use, i.e. it is accessible from the external web.

So - what configuration should I make to protect my XAMPP from external access?

As far as I understand, the only thing that I should do is to block the external access to the ports XAMPP is exposing? But what ports does XAMPP expose by default? I guess it exposes HTTP/HTTPS ports only; my guess is that XAMPP does not expose MariaDB ports for external use? I am totally confused. Or maybe there is some extensive list of ports to which the external access should be blocked?

I have not started my XAMPP yet. It is quite possible that upon start the Windows default firewall will ask me to give/deny permission for XAMPP to communicate in some kind of networks (local/private or public) and it can be the chance to automatically create all the necessary firewall rules. But I don't know if this will happen and I am too afraid to risk it.

So - are there any guidelines about firewalls and use of XAMPP for internal/local development only?

TomR
  • 1
    What ports depends entirely on the configuration file. You can host a website on any port you want, you can support HTTPS on any port you want; for instance, you can support HTTP on port 80 but redirect HTTPS traffic to 81 instead of 443. – Ramhound Oct 30 '19 at 22:35
  • Of course, I understand that and I have used that in production. But my question is more about exhaustive lists of ports I should protect. And about the tools: how can I protect those ports? Should I create all the necessary firewall rules manually? – TomR Oct 30 '19 at 22:45
  • 2
    The only ports you have to protect are the ports you forward to the device itself. Only you know what ports those will be. Most services are not "insecure" just by opening the ports, which will be required to communicate with the server outside of your intranet; only you can decide what security hardening you must accomplish. Do you have a specific concern? Questions looking for general guidance about anything are difficult to answer. – Ramhound Oct 31 '19 at 00:06
  • My computer is not in the LAN. In a LAN one can decide which externally facing LAN port is forwarded to the port on the local computer. My computer (laptop) is connected to the Internet, so kind of direct access. So - maybe a different approach is necessary? – TomR Oct 31 '19 at 06:40
  • 1
    You should never connect a server directly to the internet. You should absolutely never connect a Windows 10 machine directly to the internet. Your OS is not designed to regard its local subnet as completely hostile and untrusted. Right now every service running by default in Windows 10 is directly exposed to the internet. Put a router or PfSense box in front of your machine, and only allow port 80 through to your webserver. – Andy Oct 31 '19 at 06:59
  • 10 years ago my Internet provider gave me a wire with a fixed IP address (connected with the MAC address of my laptop). I plugged this wire into my laptop and since then I have always lived without a router or anything between my laptop and this wire. I have changed my laptop and asked my ISP to change the registered MAC address. I have antivirus, Windows Defender and I have had no security incidents. Am I doing something wrong? Can't XAMPP work securely on such a laptop for local development only? – TomR Oct 31 '19 at 07:59
  • 1
    Perhaps not comprehensive, but 21, 80, 81, 443, 3306 and 8009 would be good places to start. – Anaksunaman Nov 02 '19 at 07:18
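
Added example (not part of the original thread): one way to check whether the ports named in the comments are bound to loopback only or to an address the network can reach, by parsing `netstat -ano` output. The sample output, PIDs and function names are constructed for illustration; a listener on `127.0.0.1` or `::1` accepts local connections only, while one on `0.0.0.0` or `::` is reachable unless a firewall rule blocks it.

```python
import ipaddress

# Ports named in the comment thread above as places to start.
WATCHED_PORTS = {21, 80, 81, 443, 3306, 8009}

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4321
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       5120
  TCP    [::]:443               [::]:0                 LISTENING       4321
  TCP    [::1]:8009             [::]:0                 LISTENING       6044
  TCP    127.0.0.1:49701        127.0.0.1:3306         ESTABLISHED     4321
"""


def parse_listeners(text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or a connection that is not a listener
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            yield ipaddress.ip_address(host), int(port), int(fields[4])
        except ValueError:
            continue  # local address column was not address:port


def reachable_from_network(text, ports=WATCHED_PORTS):
    """Return watched listeners bound to anything other than loopback."""
    return sorted(
        (str(addr), port, pid)
        for addr, port, pid in parse_listeners(text)
        if port in ports and not addr.is_loopback
    )


if __name__ == "__main__":
    for addr, port, pid in reachable_from_network(SAMPLE):
        print(f"port {port} listens on {addr} (PID {pid}): not loopback-only")
```

Feed it the real output of `netstat -ano` after starting the XAMPP services; an empty result means none of the watched ports is listening on a non-loopback address.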

0 Answers